[UBUNTU 21.04] tools/kvm_stat: Add restart delay

Bug #1921870 reported by bugproxy
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Ubuntu on IBM z Systems
Fix Released
Medium
Skipper Bug Screeners
linux (Ubuntu)
Fix Released
Medium
Canonical Kernel Team
Hirsute
Fix Released
Medium
Canonical Kernel Team
Impish
Fix Released
Medium
Canonical Kernel Team

Bug Description

SRU Justification:

[Impact]

* Nice to have feature requested by IBM - a systemd service monitoring
  KVM guests.
* Adds a new systemd service, not enabled by default.

[Fix]

* Install the systemd .service file when installing linux-tools-host

[Test Plan]

* dpkg -c linux-tools-host_5.11.0-18.19_all.deb
  ./lib/systemd/system/kvm_stat.service
* Install the package and reboot
* Check if kvm_stat is present and not active after reboot:
  ls -l /lib/systemd/system/kvm_stat.service
  systemctl -a | grep kvm_stat

[Where problems could occur]

* Service can be enabled and started by mistake or by any further future
  Makefile change (enabling all services installed by linux-tools-host).

* The service logs into /var/log/kvm_stat.csv (not journal!) and package does
  not provide logrotate by default, thus the logging could eat entire
  disk space.

-- Original Description --

Description: tools/kvm_stat: Add restart delay
Symptom: If the kvm service is enabled and the system rebooted,
               Systemd's initial attempt to start the kvm unit file may
               fail in case the kvm module is not loaded. However, once the
               kvm module is loaded, the service is _not_ started.
Problem: Since the unit file does not specify a delay for the retries,
               Systemd restarts with a minimum delay a number of times
               before giving up and disabling the service. Which means a
               subsequent kvm module load will have kvm running without
               monitoring.
Solution: Add an appropriate delay in the unit file.
Reproduction: (1) Enable the kvm service via systemctl
               (2) Reboot
               (3) Verify that the kvm module is not loaded & kvm service
                   not running
               (4) Load the kvm module via 'modprobe kvm'
               (5) Verify that the kvm service came up within the next
                   minute.
Preventive: yes

Just use the attached patch and you're good!

CVE References

Revision history for this message
bugproxy (bugproxy) wrote : Patch to fix the issue

Default Comment by Bridge

tags: added: architecture-s39064 bugnameltc-192257 severity-high targetmilestone-inin2110
Changed in ubuntu:
assignee: nobody → Skipper Bug Screeners (skipper-screen-team)
affects: ubuntu → linux (Ubuntu)
Revision history for this message
Frank Heimes (fheimes) wrote :

Since Ubuntu has KVM built-in (rather than being compiled as module) this should not be needed for Ubuntu.

$ lsb_release -r
Release: 21.04
$ arch
s390x
$ grep -i CONFIG_KVM= /boot/config-5.11.0-13-generic
CONFIG_KVM=y
$ lsmod | grep -i kvm
$ kvm-ok
INFO: /dev/kvm exists
KVM acceleration can be used

$ lsb_release -r
Release: 20.04
$ arch
s390x
$ grep -i CONFIG_KVM= /boot/config-5.4.0-70-generic
CONFIG_KVM=y
$ lsmod | grep -i kvm
$ kvm-ok
INFO: /dev/kvm exists
KVM acceleration can be used

Revision history for this message
bugproxy (bugproxy) wrote : Comment bridged from LTC Bugzilla

------- Comment From <email address hidden> 2021-03-30 09:10 EDT-------
OK, that sounds good!
Related question: Do you install that unit file and make available the kvm service in Ubuntu at all? If so, could you try to reboot with the service enabled to verify that it does work as expected (i.e.: it is running)? Not that we're missing something here, still...

Revision history for this message
Frank Heimes (fheimes) wrote :

Hi Stefan, no we don't ship the service file (at least not with 20.04 to 21.04):
$ dpkg -L linux-tools-host
/.
/usr
/usr/bin
/usr/bin/kvm_stat
/usr/share
/usr/share/doc
/usr/share/doc/linux-tools-host
/usr/share/doc/linux-tools-host/changelog.Debian.gz
/usr/share/doc/linux-tools-host/copyright
/usr/share/man
/usr/share/man/man1
/usr/share/man/man1/kvm_stat.1.gz

Revision history for this message
bugproxy (bugproxy) wrote :

------- Comment From <email address hidden> 2021-03-30 10:59 EDT-------
OK, would that be a consideration? The idea is to have a service that logs kvm events in a round-robin manner. To do so, 2 things need to happen:
(1) install the unit file kvm_stat.service
(2) install a respective logrotate file in /etc/logrotate.d, so we can wrap around - see git commit 3754afe7cf7cc3693a9c9ff795e9bd97175ca639 for further information

Revision history for this message
Frank Heimes (fheimes) wrote :

I think one reason might have been that a dependency between this package and systemd wanted to be avoided.
And was the service part of kvm_stats from the very beginning (I don't remember) ...

Revision history for this message
bugproxy (bugproxy) wrote :

------- Comment From <email address hidden> 2021-04-01 03:22 EDT-------
No, this service (file) was introduced only later last year by us. We figured that we should have some way to collect data on KVM for service cases - very handy! The other distros adopted this, too :)
You could move kvm_stat and/or the unit file into a separate package to avoid a systemd dependency!

Revision history for this message
Frank Heimes (fheimes) wrote :

Hi Stefan, ok we'll have a look how we can get in best.
Not sure though if it can be done until 21.04 GA, maybe as SRU a bit later ...

Changed in ubuntu-z-systems:
assignee: nobody → Skipper Bug Screeners (skipper-screen-team)
Changed in linux (Ubuntu):
assignee: Skipper Bug Screeners (skipper-screen-team) → Canonical Kernel Team (canonical-kernel-team)
Changed in ubuntu-z-systems:
importance: Undecided → Medium
status: New → Triaged
Revision history for this message
bugproxy (bugproxy) wrote :

------- Comment From <email address hidden> 2021-04-21 04:09 EDT-------
Canonical, what is the current status of this LP? Thx

Revision history for this message
Frank Heimes (fheimes) wrote :

Since kvm_stat is part of the Ubuntu package linux-tools and packages are affected by the feature freeze, this cannot be processed right now, since we are at the end of the 21.04 cycle, and we have to wait until 21.04 is released.
Once 21.04 is out this can be picked up again and a service release update (SRU) process can be started.

Frank Heimes (fheimes)
Changed in linux (Ubuntu Hirsute):
assignee: nobody → Canonical Kernel Team (canonical-kernel-team)
importance: Undecided → Medium
Changed in linux (Ubuntu Impish):
importance: Undecided → Medium
Changed in ubuntu-z-systems:
status: Triaged → In Progress
Revision history for this message
Krzysztof Kozlowski (krzk) wrote :
Frank Heimes (fheimes)
Changed in linux (Ubuntu Impish):
status: New → In Progress
Changed in ubuntu-z-systems:
status: In Progress → Fix Committed
Changed in linux (Ubuntu Impish):
status: In Progress → Fix Committed
Stefan Bader (smb)
Changed in linux (Ubuntu Hirsute):
status: New → Fix Committed
description: updated
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal' to 'verification-done-focal'. If the problem still exists, change the tag 'verification-needed-focal' to 'verification-failed-focal'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-focal
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-hirsute' to 'verification-done-hirsute'. If the problem still exists, change the tag 'verification-needed-hirsute' to 'verification-failed-hirsute'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-hirsute
Revision history for this message
bugproxy (bugproxy) wrote :

------- Comment From <email address hidden> 2021-06-24 09:44 EDT-------
Verified on hirsute-proposed.

tags: added: verification-done-hirsute
removed: verification-needed-hirsute
Revision history for this message
Frank Heimes (fheimes) wrote :

Thx Stefan for the verification.
(I don't know why there is a verification-needed-focal tag on top, since this bug is not marked as affecting focal at all ?! To avoid any blockers, I'm changing it to done, too.)

tags: added: verification-done-focal
removed: verification-needed-focal
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (23.1 KiB)

This bug was fixed in the package linux - 5.11.0-25.27

---------------
linux (5.11.0-25.27) hirsute; urgency=medium

  * CVE-2021-33909
    - SAUCE: seq_file: Disallow extremely large seq buffer allocations

linux (5.11.0-24.25) hirsute; urgency=medium

  * test_pmtu_vti4_link_add_mtu() test from net/pmtu.sh in
    ubuntu_kernel_selftests cannot finish properly on 5.11 and 5.8
    (LP: #1933969)
    - ip6_gre: proper dev_{hold|put} in ndo_[un]init methods
    - sit: proper dev_{hold|put} in ndo_[un]init methods
    - ip6_tunnel: sit: proper dev_{hold|put} in ndo_[un]init methods
    - ipv6: remove extra dev_hold() for fallback tunnels

linux (5.11.0-23.24) hirsute; urgency=medium

  * hirsute/linux: 5.11.0-23.24 -proposed tracker (LP: #1932420)

  * Packaging resync (LP: #1786013)
    - [Packaging] resync getabis
    - [Packaging] update helper scripts
    - update dkms package versions

  * Disable hv-kvp-daemon.service on certain instance types (LP: #1932081)
    - [Packaging]: Add kernel command line condition to hv-kvp-daemon service

  * Add support for IO functions of AAEON devices (LP: #1929504)
    - ODM: mfd: Add support for IO functions of AAEON devices
    - ODM: gpio: add driver for AAEON devices
    - ODM: watchdog: add driver for AAEON devices
    - ODM: hwmon: add driver for AAEON devices
    - ODM: leds: add driver for AAEON devices
    - ODM: [Config] update config for AAEON devices

  * Add support for selective build of special drivers (LP: #1912789)
    - [Packaging] Add support for ODM drivers
    - [Packaging] Turn on ODM support for amd64
    - [Packaging] Fix ODM support in actual build
    - [Packaging] Fix ODM DRIVERS Kconfig

  * Mute/Mic mute LEDs and right speaker are not work on HP platforms
    (LP: #1932055)
    - ALSA: hda/realtek: fix mute/micmute LEDs and speaker for HP Elite Dragonfly
      G2
    - ALSA: hda/realtek: fix mute/micmute LEDs and speaker for HP EliteBook x360
      1040 G8
    - ALSA: hda/realtek: fix mute/micmute LEDs for HP EliteBook 840 Aero G8
    - ALSA: hda/realtek: fix mute/micmute LEDs for HP ZBook Power G8

  * SD card initialization on insertion fails (LP: #1929444)
    - misc: rtsx: separate aspm mode into MODE_REG and MODE_CFG

  * Fix non-working GPU on Some HP desktops (LP: #1931147)
    - PCI: Coalesce host bridge contiguous apertures

  * CirrusLogic: The default input volume is "0%" on Dell Warlock (LP: #1929803)
    - ALSA: hda/cirrus: Set Initial DMIC volume to -26 dB

  * Mic-mute/mute LEDs not work on some HP platforms (LP: #1930707)
    - ALSA: hda/realtek: fix mute/micmute LEDs for HP 855 G8
    - ALSA: hda/realtek: fix mute/micmute LEDs and speaker for HP Zbook G8
    - ALSA: hda/realtek: fix mute/micmute LEDs and speaker for HP Zbook Fury 15 G8
    - ALSA: hda/realtek: fix mute/micmute LEDs and speaker for HP Zbook Fury 17 G8

  * [UBUNTU 21.04] tools/kvm_stat: Add restart delay (LP: #1921870)
    - [Packaging] install kvm_stat systemd service

  * Fix ICL PCH no picture after S3 (LP: #1930582)
    - drm/i915/icp+: Use icp_hpd_irq_setup() instead of spt_hpd_irq_setup()

  * Hirsute update: v5.11.22 upstream stable release (LP: #1931292)
    - KEYS: trusted: Fix memory...

Changed in linux (Ubuntu Hirsute):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 5.13.0-14.14

---------------
linux (5.13.0-14.14) impish; urgency=medium

  * impish/linux: 5.13.0-14.14 -proposed tracker (LP: #1938565)

  * Miscellaneous Ubuntu changes
    - SAUCE: Revert "UBUNTU: SAUCE: random: Make getrandom() ready earlier"
    - SAUCE: random: properly make getrandom() ready earlier

  * Miscellaneous upstream changes
    - seq_buf: Fix overflow in seq_buf_putmem_hex()
    - bpf: Fix integer overflow in argument calculation for bpf_map_area_alloc
    - ext4: cleanup in-core orphan list if ext4_truncate() failed to get a
      transaction handle
    - ext4: fix kernel infoleak via ext4_extent_header
    - ext4: fix overflow in ext4_iomap_alloc()
    - ext4: return error code when ext4_fill_flex_info() fails
    - ext4: correct the cache_nr in tracepoint ext4_es_shrink_exit
    - ext4: remove check for zero nr_to_scan in ext4_es_scan()
    - ext4: fix avefreec in find_group_orlov
    - ext4: use ext4_grp_locked_error in mb_find_extent

 -- Andrea Righi <email address hidden> Mon, 02 Aug 2021 14:23:08 +0200

Changed in linux (Ubuntu Impish):
status: Fix Committed → Fix Released
Frank Heimes (fheimes)
Changed in ubuntu-z-systems:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers